BitcoinJS Webtuesday Presentation

$

www.bitcoinjs.org Creative Commons 3.0 Attribution

A divorce and new beginnings

Stefan Thomas • WeUseCoins.com

BitcoinJS

$


login

$


login

$


login

- Web developer 13 years

$


login


- Bitcoin evangelist

$


login


- Bitcoin evangelist 6 months

$


login



$


login



$


ls

- What’s Bitcoin? (1 slide version) - Things that are... sub-optimal - Node.js to the rescue!

$


man bitcoin

$


man bitcoin

- Limited set of tokens

$


man bitcoin

- Limited set of tokens - Decentralized

$


man bitcoin

- Limited set of tokens - Decentralized - Open-Source

$


man bitcoin

- Limited set of tokens - Decentralized - Open-Source

= Internet Money

$


wget blk*.dat

$


wget blk*.dat

$


wget blk*.dat

140000 x

$


wget blk*.dat

140000 x

= 620 MB

$


wget blk*.dat

140000 x

= 620 MB => 6-24 hours

$


wget blk*.dat

140000 x

= 620 MB => 6-24 hours

$


rm wallet.dat

$


rm wallet.dat

VirtualBox Dropbox Ironkey +

Truecrypt

$


rm wallet.dat


Truecrypt

$


rm wallet.dat


Truecrypt

$


rm wallet.dat


Truecrypt

$


rm wallet.dat


Truecrypt

$


rm wallet.dat

$


rm wallet.dat

$


scp wallet.dat

These additions include nine new SCADA exploits, improved 64-

bit Linux payloads, exploits for Firefox and Internet Explorer,

full-HTTPS and HTTP Meterpreter stagers, and post-exploitation

modules for dumping passwords from Outlook, WSFTP,

CoreFTP, SmartFTP, TotalCommander, BitCoin and many other

applications.

Metasploit 4.0

$


scp wallet.dat

These additions include nine new SCADA exploits, improved 64-

bit Linux payloads, exploits for Firefox and Internet Explorer,

full-HTTPS and HTTP Meterpreter stagers, and post-exploitation

modules for dumping passwords from Outlook, WSFTP,

CoreFTP, SmartFTP, TotalCommander, BitCoin and many other

applications.

Metasploit 4.0

$


scp wallet.dat

Metasploit 4.0 blah new post exploitation modules

$


scp wallet.dat

Metasploit 4.0 blah new post exploitation modules

blah blah for dumping passwords blah

$


scp wallet.dat

Metasploit 4.0

Blah, BitCoin, Blah, …

blah new post exploitation modules


$


scp wallet.dat

Metasploit 4.0

Blah, BitCoin, Blah, …

blah new post exploitation modules


$


cat cmn_sense.txt

$


cat cmn_sense.txt

Block chain

$


uml blockchain

$


cat cmn_sense.txt

Block chain

$


cat cmn_sense.txt

Block chain UI

$


cat cmn_sense.txt

Block chain UI Wallet

$


cat cmn_sense.txt


• HUGE!! • Global • Public

$


cat cmn_sense.txt



-> Server

$


cat cmn_sense.txt



• Complex • Personal • Private

-> Server

$


cat cmn_sense.txt




-> Server -> Client

$


cat cmn_sense.txt




• Simple • Personal • Secret!!

-> Server -> Client

$


cat cmn_sense.txt




• Simple • Personal • Secret!!

-> Server -> Client -> Hardware (ideally)

$


find platform

Block chain server • Peer-to-peer node

$


find platform

Block chain server • Peer-to-peer node • Realtime

$


find platform

Block chain server • Peer-to-peer node • Realtime • JSON-RPC

$


find platform

Block chain server • Peer-to-peer node • Realtime • JSON-RPC • Lots of concurrent users

$


find platform


$


find platform


+

$


d8 server.js

$


d8 server.js

Memory leaks! Example: MongooseJS

$


d8 server.js

Memory leaks! Collection.prototype.addQueue = function (name, args) { this.queue.push([name, args]); return this; }; Collection.prototype.doQueue = function () { for (var i = 0, l = this.queue.length; i < l; i++){ this[this.queue[i][0]].apply(this, this.queue[i][1]); } return this; };

Example: MongooseJS

$


d8 server.js

Memory leaks! Collection.prototype.addQueue = function (name, args) { this.queue.push([name, args]); return this; }; Collection.prototype.doQueue = function () { for (var i = 0, l = this.queue.length; i < l; i++){ this[this.queue[i][0]].apply(this, this.queue[i][1]); } this.queue = []; return this; };

Example: MongooseJS

+

$


d8 server.js

Memory leaks! saw.chain = function () { var ch = Traverse(saw.handlers).map(function (node) { // ... if (typeof node === 'function') { this.update(function () { saw.actions.push({ path : ps, args : [].slice.call(arguments) }); return ch; }); }

Example: node-binary

$


d8 server.js

Lesson

$


d8 server.js

Lesson Node.js libraries can be strange

$


d8 server.js


$


d8 server.js


But overall it’s not that bad!

$


d8 server.js


But overall it’s not that bad!

Also: V8’s GC is very good!

$


d8 server.js

Debugging Tip: “LiveObjectList”

# Compile V8 with LiveObjectList support scons liveobjectlist=on ... # Run your program with debugging node --debug my_leaky_program.js # Connect to your program with D8 d8 --remote_debugger

Getting set up

$


d8 server.js

Debugging Tip: “LiveObjectList”

lol c Capture a heap snapshot lol Show heap snapshots lol list List objects in a snapshot lol diff [s1] [s2] Show differences between snapshots lol path [obj_id] Show retaining paths for an object

Usage

$


d8 server.js moon@clymene:~/opt/node$ deps/v8/d8 --remote_debugger > Type: connect V8-Version: 3.1.8.26 Protocol-Version: 1 Embedding-Host: node v0.4.10 stopped dbg> lol c Captured live object list 1: count 156079 size 8129300 dbg> c (running) > stopped dbg> lol c Captured live object list 2: count 173343 size 8374416 dbg>

$


d8 server.js dbg> gc GC 7809868 => 6710536 (7.4M => 6.4M) dbg> lol diff 1 2 v t Array 1000 objects: [ 1] @222138: size 16, 0xb39bd329 <JSArray> len 0 [ 2] @222139: size 16, 0xb39bd339 <JSArray> len 0 [ 3] @222143: size 16, 0xb39bd3a1 <JSArray> len 0 [ 4] @222144: size 16, 0xb39bd3b1 <JSArray> len 0 [ 5] @222145: size 16, 0xb39bd3c1 <JSArray> len 0 [ 6] @222365: size 16, 0xb39bede5 <JSArray> len 0 [ 7] @222498: size 16, 0xb39bfea5 <JSArray> len 0 [ 8] @222615: size 16, 0xb39c0d55 <JSArray> len 3 ... dbg> lol path @222138

$


d8 server.js | | V [274] @79332 0xb4422699: size 20 : HeapObject DescriptorArray FixedArray 0xb4422699: [FixedArray] - length: 3 [0]: 0xb77b3efd <FixedArray[53]> [1]: 0xb577404d <undefined> [2]: 0xb41eddd9 <JS array[0]> | | V [275] @215108 0xb41eddd9: size 16 : HeapObject JSObject JSArray 0xb41eddd9: [JSObject] - map = 0xb5754861 - prototype = 0xb77b4f49 { #length: 0xb577e581 <Proxy> (callback) #_cast: (null descriptor) } =====================================

$


uname -a

Another thing… 32 bit 64 bit

$


uname -a

Another thing…

- V8 heap limit

32 bit 64 bit

1 GB 1.9 GB

$


uname -a

Another thing…

- V8 heap limit

- MongoDB database

32 bit 64 bit

2.5 GB

1 GB 1.9 GB

$


bitcoinjs run

Now STOP!

$


bitcoinjs run

Demo time! Now STOP!

$


forecast

Lots more to be done!

- GUI

- Wallet

- Shopping Cart Interface

$


git clone bitcoinjs-gui

A matching client!

- JS-based crypto (fun stuff!)

$



A matching client!


- HTML5 LocalStorage

$



A matching client!


- HTML5 LocalStorage

- Socket.IO

$



A matching client!

$



A matching client!

- Beta August 2011

- Screencast: http://www.youtube.com/watch?v=KTmFwnIRG9c

$


wallet 2.0

Ideas for a more secure wallet

$


wallet 2.0


- Deterministic Wallet

$


wallet 2.0



- Distributed Key Generation

$


wallet 2.0



- Distributed Key Generation

- Hardware Device

$


exit

Thank you And good night!

$


tail -f

Meetup this Saturday! Oliver Twist Pub 16:30

@bitcoinjs

github.com/bitcoinjs

Technology

BitcoinJS Webtuesday Presentation